A new type of malicious software has surfaced that is designed to steal data from point-of-sale systems, according to security firm McAfee. Called vSkimmer, the Trojan Horse variety of malware communicates payment card data to hackers.
Chintan Shah, a McAfee security advisory, says the malware was discovered in mid-February 2013 and is being discussed on cybercriminal forums, according to PC World.
The publication notes that vSkimmer malware searches the memory of all processes running on an infected computer, except for those hardcoded in a whitelist, for information that matches a specific pattern. This process is designed to find and extract card Track 2 data from the memory of the process associated with the credit card reader.
Such malware attacks illustrate the importance of having strong POS systems that comply with the Payment Card Industry data security standards. Hackers constantly are looking for holes where card data are openly available, and only true end-to-end encryption can ward off such attacks. Smaller merchants are especially vulnerable because they tend to use less sophisticated POS systems.